This invention relates to protecting personal information in a computer system.
In recent years, leakage of confidential corporate information and personal information has become more prevalent, and measures against such leakage have been strongly demanded. For example, in Japan the law “Act on the Personal Information Protection” became fully effective in April 2005, and specification and secure data management of personal information have been required of any corporation which retains personal information of at least 5000 people for at least six months.
Personal information subject to the law includes not only data stored inside an electronic commerce web server and a database, but also data inside a notebook personal computer (PC) carried by a corporate employee. In a PC carried by a sales person, for example, a customer list, a staff register, a conference participant list and the like are stored, and such information also needs to be considered as personal information subject to personal information management. Backup files and older versions of files containing such personal information exist in various locations in a file system of a PC, and often the owner of the PC is not aware of the locations of the personal data on the computer. Additionally, the hard disk sizes of some of the recent PCs exceed 100 GB, making it difficult to manually detect the data.
End user monitoring systems, thin-client systems, document management systems and the like have been put into practical use as technologies for personal information management. However, these techniques have not come into full-scale use because they suffer from problems such as reduced operability for a user, and high costs for installation of a dedicated server, replacement of business software, and the like.
An access control scheme has been proposed which determines whether to permit or prohibit access to each piece of personal information in a personal information management system. This determination is made by referring to a personalized access control list in which various access rights to each piece of personal information are defined. The access rights are set up by the individual who is the subject of each piece of the personal information (see, for example, Japanese Patent Application Laid-open No. JP2005-196699). However, all the above techniques for enhancing a security level of a PC require alteration of an existing operating system and/or an application program in the PC.
If personal information is detected by a software tool which semi-automatically detects personal information, personnel costs can be considerably reduced. Normally, such a detection tool is executed by a user or a system administrator at certain intervals (for example, once a month). When such a usage frequency is assumed, however, a time lag (of up to one month in the foregoing example) can occur between the time when data containing personal information is actually generated and the time when it is detected by the tool. As a result, it is difficult to perform real-time risk management.